3

I'm using a training lab to learn computing security. And I retrieved the hash of the admin in this form:

admin:1001:NO PASSWORD*********************:D4BF5A8658AFXXXXXXXX5B8DBB60859746:::

So, I just have the NTLM part (not the LM), and cracking the password is very hard without the LM part.

So I would like to know if there is a tool to connect to the VNC service (port 5900) of the remote computer only using the NTLM hash.

HashHazard
Addon
  • You can't pass the hash with VNC. If the Windows "admin" user is using the same password for the VNC service, you'll have to crack the hash and use that. – HashHazard Sep 09 '16 at 03:50
  • NTLM cracking is not that hard, let it run for a few days.... – eckes Jul 05 '17 at 22:31

2 Answers

2

Yes, use the psexec module from Metasploit. However, for this to work, port 445 should be open on the target. The psexec module will require the username and password hash to deploy a Meterpreter backdoor. Once achieved, you can run the VNC post-exploitation module and you will be presented with a nice GUI of the target. All the best.

Nipun Jaswal
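What the psexec approach in the answer above looks like to a defender, as an added example that is not part of the original post: an NTLM network logon (Security event 4624, logon type 3) followed shortly by a service installation (System event 7045) on the same host. The event records, their simplified field names and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, reduced to hypothetical field names for this example.
# 4624 = successful logon (Security log), 7045 = service installed (System log).
EVENTS = [
    {"time": "2016-09-09T03:40:00", "id": 4624, "host": "LAB-PC", "logon_type": 3,
     "auth_pkg": "NTLM", "user": "admin", "src_ip": "10.0.0.50"},
    {"time": "2016-09-09T03:40:04", "id": 7045, "host": "LAB-PC", "service": "kQzXbTna"},
    # Kerberos network logon followed by a service install: not NTLM, so not flagged.
    {"time": "2016-09-09T04:10:00", "id": 4624, "host": "LAB-PC", "logon_type": 3,
     "auth_pkg": "Kerberos", "user": "backup", "src_ip": "10.0.0.7"},
    {"time": "2016-09-09T04:10:03", "id": 7045, "host": "LAB-PC", "service": "BackupAgent"},
    # NTLM network logon with no service install afterwards: not flagged.
    {"time": "2016-09-09T05:00:00", "id": 4624, "host": "LAB-PC", "logon_type": 3,
     "auth_pkg": "NTLM", "user": "admin", "src_ip": "10.0.0.60"},
    # Anonymous NTLM logons are routine noise and are skipped.
    {"time": "2016-09-09T06:00:00", "id": 4624, "host": "LAB-PC", "logon_type": 3,
     "auth_pkg": "NTLM", "user": "ANONYMOUS LOGON", "src_ip": "10.0.0.9"},
    {"time": "2016-09-09T06:00:02", "id": 7045, "host": "LAB-PC", "service": "Updater"},
]

def _ts(event):
    return datetime.fromisoformat(event["time"])

def is_ntlm_network_logon(e):
    """True for a named account logging on over the network (type 3) with NTLM."""
    return (e["id"] == 4624 and e.get("logon_type") == 3
            and e.get("auth_pkg") == "NTLM" and e.get("user") != "ANONYMOUS LOGON")

def find_logon_then_service(events, window=timedelta(seconds=60)):
    """Pair each service install with NTLM network logons on the same host
    that happened at most `window` earlier. Returns a list of findings."""
    logons = [e for e in events if is_ntlm_network_logon(e)]
    findings = []
    for svc in (e for e in events if e["id"] == 7045):
        for lg in logons:
            delay = _ts(svc) - _ts(lg)
            if lg["host"] == svc["host"] and timedelta(0) <= delay <= window:
                findings.append({"host": svc["host"], "user": lg["user"],
                                 "src_ip": lg["src_ip"], "service": svc["service"],
                                 "delay_s": delay.total_seconds()})
    return findings

if __name__ == "__main__":
    for f in find_logon_then_service(EVENTS):
        print(f)
```

Legitimate remote administration tools that install services will also match this pairing, so findings need review against known admin hosts.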
-2

You need the VNC password hash from captured traffic (challenge and response), and hashcat.